URL : https://mozilla.github.io/server-side-tls/ssl-config-generator/ 웹서버,openssl 버전 별로 SSL 설정을 자동화 해서 안내 해줌… 세상에 이걸 첨 알다니.. ㅋㅋㅋㅋㅋㅋ 샘플로 한번 해보자면 1. httpd-2.4 & openssl-1.0.1e <VirtualHost *:443> ... SSLEngine on SSLCertificateFile /path/to/signed_certificate SSLCertificateChainFile /path/to/intermediate_certificate SSLCertificateKeyFile /path/to/private/key # Uncomment the following directive when using client certificate authentication #SSLCACertificateFile /path/to/ca_certs_for_client_authentication # HSTS (mod_headers is required) (15768000 seconds = 6 months) Header always set Strict-Transport-Security "max-age=15768000" ... </VirtualHost> # modern configuration, tweak to your needs SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 SSLHonorCipherOrder on # OCSP Stapling, only in httpd 2.3.3 and later SSLUseStapling on SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors off SSLStaplingCache shmcb:/var/run/ocsp(128000) 2. httpd-2.2 & openssl-1.0.1e <VirtualHost *:443> ... SSLEngine on SSLCertificateFile /path/to/signed_certificate SSLCertificateChainFile /path/to/intermediate_certificate SSLCertificateKeyFile /path/to/private/key # Uncomment the following directive when using client certificate authentication #SSLCACertificateFile /path/to/ca_certs_for_client_authentication # HSTS (mod_headers is required) (15768000 seconds = 6 months) Header always set Strict-Transport-Security [ more... ]
The post Mozilla SSL Configuration Generator appeared first on 지락문화예술공작단.
원문출처 : https://jirak.net/wp/mozilla-ssl-configuration-generator/
댓글 0
번호 | 제목 | 글쓴이 | 날짜 | 조회 수 |
---|---|---|---|---|
34 | Moving Toward SSL | 관리자 | 2016.12.02 | 42 |
33 | WordPress 4.6 Release Candidate | 관리자 | 2016.07.28 | 42 |
32 | iptables port redirection | 관리자 | 2015.12.31 | 40 |
31 | WordPress 4.4 “Clifford” | 관리자 | 2015.12.31 | 40 |
30 | apache ab failed requests length | 관리자 | 2016.05.10 | 39 |
29 | WordPress 4.5.2 Security Release | 관리자 | 2016.05.07 | 39 |
28 | log timestamp timezone in mysql-5.7 | 관리자 | 2016.05.12 | 37 |
27 | Recompiling VirtualBox kernel modules [FAILED] on centos7.2 or rhel7.2 | 관리자 | 2015.12.31 | 37 |
26 | WordPress 4.6 Beta 1 | 관리자 | 2016.06.30 | 36 |
25 | WordPress 4.5 “Coleman” | 관리자 | 2016.04.13 | 36 |
24 | Optimizing NFS Performance | 관리자 | 2016.05.23 | 34 |
23 | MySQL Fetch Cursor 문 사용방법 | 관리자 | 2016.04.06 | 34 |
22 | /etc/sysconfig/iptables 에 포트 리다이렉션 추가해 주기 | 관리자 | 2016.03.25 | 34 |
21 | WordPress 4.6 Beta 3 | 관리자 | 2016.07.14 | 33 |
20 | 인터넷으로 서비스를 제공하기 위해 챙겨야 할 실용적인 보안 가이드 | 관리자 | 2016.05.24 | 33 |